Device, system, and method of recovery and resetting of user authentication factor
First Claim
1. A method comprising:
- determining that a current user, that (i) fails to perform an authentication process for accessing a service or (ii) requests to perform a reset process for a user-authentication factor of said service, is a genuine user that is authorized to reset said user-authentication factor of said service, by performing;
(a) presenting to the current user a fresh task that the current user is required to perform and that can be tracked by the service;
(b) monitoring a manner in which the current user performs the fresh task;
(c) extracting from said manner in which the current user performs the fresh, a fresh user-specific characteristic;
(d) comparing between (I) the fresh user-specific characteristic, that is extracted from the manner in which the current user performs the fresh task, and (II) a previously-extracted user-specific characteristic that was previously extracted from prior user interactions of the genuine user;
(e) if there is a match between (I) the fresh user-specific characteristic, that is extracted from the manner in which the current user performs the fresh task, and (II) the previously-extracted user-specific characteristic that was previously extracted from prior user interactions of the genuine user, then determining that the current user is the genuine user that is authorized to reset said user-authentication factor of said service.
6 Assignments
0 Petitions
Accused Products
Abstract
Devices, systems, and methods of password recovery and password reset, as well as resetting or recovering other types of user-authentication factor. A system monitors and tracks user-interactions that are performed by a user of an electronic device or a computerized service. The system defines a user-specific task or challenge, in which the user is requested to enter a phrase or perform a task. A user-specific feature is extracted from the manner in which the user performs the task. Subsequently, that user-specific feature is utilized instead of a security question, in order to verify the identity of the user and to allow the user to perform password reset or to perform a reset of another user-authentication factor; by presenting to the user the same task or a similar task, and monitoring the manner in which the user performs the fresh task.
93 Citations
22 Claims
-
1. A method comprising:
-
determining that a current user, that (i) fails to perform an authentication process for accessing a service or (ii) requests to perform a reset process for a user-authentication factor of said service, is a genuine user that is authorized to reset said user-authentication factor of said service, by performing; (a) presenting to the current user a fresh task that the current user is required to perform and that can be tracked by the service; (b) monitoring a manner in which the current user performs the fresh task; (c) extracting from said manner in which the current user performs the fresh, a fresh user-specific characteristic; (d) comparing between (I) the fresh user-specific characteristic, that is extracted from the manner in which the current user performs the fresh task, and (II) a previously-extracted user-specific characteristic that was previously extracted from prior user interactions of the genuine user; (e) if there is a match between (I) the fresh user-specific characteristic, that is extracted from the manner in which the current user performs the fresh task, and (II) the previously-extracted user-specific characteristic that was previously extracted from prior user interactions of the genuine user, then determining that the current user is the genuine user that is authorized to reset said user-authentication factor of said service. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
Specification